Remote Code Execution

Overview

Affected versions of this package are vulnerable to Remote Code Execution.
It allows remote attackers to execute arbitrary code via a crafted JSON request, as it did not properly deserialise object arrays when parsing JSON objects.